We all learn numbers from the childhood. Some of us like to count, others hate it, but any person uses numbers everyday to buy things, pay for services, estimated time and necessary resources. People have been wondering about numbers’ properties for thousands of years. And for thousands of years it was more or less just a game that was only interesting for pure mathematicians. Famous 20th century mathematician G.H. Hardy once said “The Theory of Numbers has always been regarded as one of the most obviously useless branches of Pure Mathematics”. Just 30 years after his death, an algorithm for encryption of secret messages was developed using achievements of number theory. It was called RSA after the names of its authors, and its implementation is probably the most frequently used computer program in the word nowadays. Without it, nobody would be able to make secure payments over the internet, or even log in securely to e-mail and other personal services. In this short course, we will make the whole journey from the foundation to RSA in 4 weeks. By the end, you will be able to apply the basics of the number theory to encrypt and decrypt messages, and to break the code if one applies RSA carelessly. You will even pass a cryptographic quest!
As prerequisites we assume only basic math (e.g., we expect you to know what is a square or how to add fractions), basic programming in python (functions, loops, recursion), common sense and curiosity. Our intended audience are all people that work or plan to work in IT, starting from motivated high school students.
Do you have technical problems? Write to us: coursera@hse.ru

审阅

L

A good course for people who have no basic background in number theory , explicit clear explanation in RSA algorithm. Overall,a good introduction course.

WH

Apr 03, 2020

Filled StarFilled StarFilled StarFilled StarFilled Star

My first experience with cryptography. The coding assignments are enough to make me think and ensure that I understood the concepts.

从本节课中

Cryptography

Modern cryptography has developed the most during the World War I and World War II, because everybody was spying on everybody. You will hear this story and see why simple cyphers didn't work anymore. You will learn that shared secret key must be changed for every communication if one wants it to be secure. This is problematic when the demand for secure communication is skyrocketing, and the communicating parties can be on different continents. You will then study the RSA cryptosystem which allows parties to exchange secret keys such that no eavesdropper is able to decipher these secret keys in any reasonable time. After that, you will study and later implement a few attacks against incorrectly implemented RSA, and thus decipher a few secret codes and even pass a small cryptographic quest!

教学方

Alexander S. Kulikov

Michael Levin

Vladimir Podolskii

脚本

[MUSIC] Hi, in this video we're going to study a bit more subtle attack, which uses a small difference between primes and the public key. So assume that Bob generates primes p and q such that p is less than q and the difference q- p is somewhat small like 1 million. What can Eve do in this situation, what do you think? Well, we see that n = p times q and p is less than q so p should be less than square root of n and q should be bigger than square root of n for that to be true. And Eve doesn't know p or q, but she knows that this property is necessarily true, that one of the primes is less than the square root of n and another one is bigger than the square root of n. Now, we can also say that square root of n- p is less than q- p because square root of n is less than the bigger of the two primes. q- p = r, which is small. And so now, we can say that square root of n- r is less than p, okay? And then, also, we know that p, the smaller of two primes is less than square root of n. So now we have a range between square root of n- r and square root of n where necessarily, one of our prime lies. So p is lying in this range. And the life of this range, was it? Well, it's just r, which was said to be pretty small, like 1 million or something. So what we can do is we can actually for applying for Eve we can try all integers in this range between square root of n- r and square root of n as divisors of n. And necessarily we will be able to factorize n and to try just 1 million divisors is, we can do that pretty fast. So this leaves to us breaking decipher. Actually we can do this even more efficiently because if n is the product of two primes, well of course p and q will be both odd because it doesn't make any sense to use prime number two as one of those because it's small and we already know that RSA when one of the prime is small. Then both p and q are more than two and so they're both odd. So number p+ q over 2 and p minus q over 2 are integers. Now n = p times q and we can rewrite that as p = (p + q) over 2 + ( p- q) over 2 and q = (p + q) over 2- p minus q over 2. So we can rewrite as a product of these to break us and then this product is equal to difference of squares of p + q over 2 squared minus p- q over 2 squared. So n is the difference of squares and one of the squares is small because the absolute value of p minus q is given to be small. So what we can do to decipher or to factorise n, at least we can try adding the increasing squares of integers to n. Like try n plus one, try n plus four, try n plus nine and so on, and plus some small numbers squared until the number that we get becomes a perfect square. So if you get n plus some square is equal to some other square then we get that n is a difference of square. So of course we can use the formula a plus b times a minus b to factorise the difference of squares. So this is guaranteed to work, because we know that some square of a number less than, let's say 1 million, is going to work. So we will just try all these numbers, and try to, factorize that. So, this can be done probably even faster than the previous version of just going through all possible p in the range. So the solution to avoid this attack is to not just generate p and q, but if we generate the p and q and it turns out that absolute value of p- q is small, and can just regenerate and repeat until the absolute value of p- q is sufficiently large. But actually in practice if we're using a good random number generator and we're generating really big primes, like primes of size 2048 bits, then the probability that this happens is negligibly small. So we can actually even ignore this problem whatsoever and just generate primes uniformly among all big integer numbers of 2048 bits. And the probability that we'll get this problem is so small that we don't need to bother about it. The probability that someone will just go and tell our enemy our secret key is much bigger than the probability that this algorithm will actually generate two prime which are too close to each other. So although this is an interesting attack this is more of a theoretical attack which shouldn't happen in practice, and we don't have to actually defend ourselves against it. The only way we need to defend us is to really use uniform distribution on the numbers when we generate big random. [MUSIC]